ABSTRACT:

The present invention provides systems and methods for secure transaction management 
and electronic rights protection. Electronic appliances such as computers equipped 
in accordance with the present invention help to ensure that information is accessed 
and used only in authorized ways, and maintain the integrity, availability, and/or 
confidentiality of the information. Such electronic appliances provide a distributed 
virtual distribution environment (VDE) that may enforce a secure chain of handling 
and control, for example, to control and/or meter or otherwise monitor use of 
electronically stored or disseminated information. Such a virtual distribution 
environment may be used to protect rights of various participants in electronic 
commerce and other electronic or electronic-facilitated transactions. Distributed 
and other operating systems, environments and architectures, such as, for example, 
those using tamper-resistant hardware-based processors, may establish security at
each node. These techniques may be used to support an all-electronic information 
distribution, for example, utilizing the "electronic highway." 
ABSTRACT:

The present invention provides systems and methods for secure transaction management
and electronic rights protection. Electronic appliances such as computers equipped
in accordance with the present invention help to ensure that information is accessed
and used only in authorized ways, and maintain the integrity, availability, and/or
confidentiality of the information. Such electronic appliances provide a distributed
virtual distribution environment (VDE) that may enforce a secure chain of handling
and control, for example, to control and/or meter or otherwise monitor use of
electronically stored or disseminated information. Such a virtual distribution
environment may be used to protect rights of various participants in electronic
commerce and other electronic or electronic-facilitated transactions. Distributed
and other operating systems, environments and architectures, such as, for example,
those using tamper-resistant hardware-based processors, may establish security at
each node. These techniques may be used to support an all-electronic information
distribution, for example, utilizing the "electronic highway."

102 Claims, 153 Drawing figures
Exemplary Claim Number: 1 
Number of Drawing Sheets: 146 
ABSTRACT:

The present invention provides systems and methods for secure transaction management
and electronic rights protection. Electronic appliances such as computers equipped
in accordance with the present invention help to ensure that information is accessed
and used only in authorized ways, and maintain the integrity, availability, and/or
confidentiality of the information. Such electronic appliances provide a distributed
virtual distribution environment (VDE) that may enforce a secure chain of handling
and control, for example, to control and/or meter or otherwise monitor use of
electronically stored or disseminated information. Such a virtual distribution
environment may be used to protect rights of various participants in electronic
commerce and other electronic or electronic-facilitated transactions. Distributed
and other operating systems, environments and architectures, such as, for example,
those using tamper-resistant hardware-based processors, may establish security at
each node. These techniques may be used to support an all-electronic information
distribution, for example, utilizing the "electronic highway."

375 Claims, 155 Drawing figures
Exemplary Claim Number: 1
Number of Drawing Sheets: 146
ABSTRACT:

The present invention provides systems and methods for secure transaction management
and electronic rights protection. Electronic appliances such as computers equipped
in accordance with the present invention help to ensure that information is accessed
and used only in authorized ways, and maintain the integrity, availability, and/or
confidentiality of the information. Such electronic appliances provide a distributed
virtual distribution environment (VDE) that may enforce a secure chain of handling
and control, for example, to control and/or meter or otherwise monitor use of
electronically stored or disseminated information. Such a virtual distribution
environment may be used to protect rights of various participants in electronic
commerce and other electronic or electronic-facilitated transactions. Distributed
and other operating systems, environments and architectures, such as, for example,
those using tamper-resistant hardware-based processors, may establish security at
each node. These techniques may be used to support an all-electronic information
distribution, for example, utilizing the "electronic highway."
ABSTRACT:

The present invention provides systems and methods for secure transaction management
and electronic rights protection. Electronic appliances such as computers equipped
in accordance with the present invention help to ensure that information is accessed
and used only in authorized ways, and maintain the integrity, availability, and/or
confidentiality of the information. Such electronic appliances provide a distributed
virtual distribution environment (VDE) that may enforce a secure chain of handling
and control, for example, to control and/or meter or otherwise monitor use of
electronically stored or disseminated information. Such a virtual distribution
environment may be used to protect rights of various participants in electronic
commerce and other electronic or electronic-facilitated transactions. Distributed
and other operating systems, environments and architectures, such as, for example,
those using tamper-resistant hardware-based processors, may establish security at
each node. These techniques may be used to support an all-electronic information
distribution, for example, utilizing the "electronic highway."

101 Claims, 155 Drawing figures
Exemplary Claim Number: 1 
ABSTRACT:

The present invention provides systems and methods for secure transaction management
and electronic rights protection. Electronic appliances such as computers equipped
in accordance with the present invention help to ensure that information is accessed
and used only in authorized ways, and maintain the integrity, availability, and/or
confidentiality of the information. Such electronic appliances provide a distributed
virtual distribution environment (VDE) that may enforce a secure chain of handling
and control, for example, to control and/or meter or otherwise monitor use of
electronically stored or disseminated information. Such a virtual distribution
environment may be used to protect rights of various participants in electronic
commerce and other electronic or electronic-facilitated transactions. Distributed
and other operating systems, environments and architectures, such as, for example,
those using tamper-resistant hardware-based processors, may establish security at
each node. These techniques may be used to support an all-electronic information
distribution, for example, utilizing the "electronic highway."

2 Claims, 155 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 146 
ABSTRACT:

The present invention provides systems and methods for electronic commerce including
secure transaction management and electronic rights protection. Electronic
appliances such as computers employed in accordance with the present invention help
to ensure that information is accessed and used only in authorized ways, and
maintain the integrity, availability, and/or confidentiality of the information.
Secure subsystems used with such electronic appliances provide a distributed virtual
distribution environment (VDE) that may enforce a secure chain of handling and
control, for example, to control and/or meter or otherwise monitor use of
electronically stored or disseminated information. Such a virtual distribution
environment may be used to protect rights of various participants in electronic
commerce and other electronic or electronic-facilitated transactions. Secure
distributed and other operating system environments and architectures, employing,
for example, secure semiconductor processing arrangements that may establish secure,
protected environments at each node. These techniques may be used to support an
end-to-end electronic information distribution capability that may be used, for
example, utilizing the "electronic highway."

220 Claims, 177 Drawing figures 
Exemplary Claim Number: 1 
TITLE: Systems and methods for the secure transaction management and electronic
rights protection 



Application Filing Date (1):

Brief Summary Text (142):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and 
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing
functions (including metering) that operate within a "virtual black box," a
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provide for property content and/or appliance related: 
usage authorization, usage auditing (which may include audit reduction), usage
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1587):

An electronic contract is an electronic form of an agreement including rights,
restrictions, and obligations of the parties to the agreement. In many cases,
electronic agreements may surround the use of digitally provided content; for
example, a license to view a digitally distributed movie. It is not required,
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1764):

Delivery of audit reports through a path of handling may be in part insured by an 
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container 
may contain (a) certain encrypted audit information that is for the use of the 
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content. 
Alternatively, the clearinghouse VDE node may be able to work with some or all of 
the provided audit information. The audit information may be, in part, or whole, in 
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit
information container is securely processed at said clearinghouse VDE node by said
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE
administrative objects for securely carrying audit information to other auditors
while separately processing the secure audit information that is specified for use
by said clearinghouse. Secure audit processes and credit information distribution
between VDE participants normally takes place within the secure VDE "black box,"
that is processes are securely processed within secure VDE PPE650 and audit
information is securely communicated between the VDE secure subsystems of VDE
participants employing VDE secure communication techniques (e.g., public key
encryption, and authentication).

Other Reference Publication (79):

Robert Weber, Document from the Internet - Digital Rights Management Technologies, 
Oct. 1995, 21 pages. 

Other Reference Publication (80):

Robert Weber, Digital Rights Management Technologies, A Report to the International
Federation of Reproduction Rights Organisations, Northeast Consulting Resources, 
Inc., Oct. 1995, 49 pages. 
TITLE: Systems and methods for secure transaction management and electronic rights
protection 

Application Filing Date (1):
19971104

Brief Summary Text (142):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing 
functions (including metering) that operate within a "virtual black box," a
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provide for property content and/or appliance related: 
usage authorization, usage auditing (which may include audit reduction), usage
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1575):

An electronic contract is an electronic form of an agreement including rights,
restrictions, and obligations of the parties to the agreement. In many cases,
electronic agreements may surround the use of digitally provided content; for
example, a license to view a digitally distributed movie. It is not required,
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1759):

Delivery of audit reports through a path of handling may be in part insured by an 
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container
may contain (a) certain encrypted audit information that is for the use of the
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content. 
Alternatively, the clearinghouse VDE node may be able to work with some or all of 
the provided audit information. The audit information may be, in part, or whole, in 
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit
information container is securely processed at said clearinghouse VDE node by said
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE
administrative objects for securely carrying audit information to other auditors
while separately processing the secure audit information that is specified for use
by said clearinghouse. Secure audit processes and credit information distribution
between VDE participants normally takes place within the secure VDE "black box,"
that is processes are securely processed within secure VDE PPE650 and audit
information is securely communicated between the VDE secure subsystems of VDE
participants employing VDE secure communication techniques (e.g., public key
encryption, and authentication).

Other Reference Publication (124):

Document from Internet, "Digital Rights Management Technologies," Robert Weber, 21
pages (Oct. 1995).

Other Reference Publication (125):

Weber, Robert, "Digital Rights Management Technologies, A Report to the
International Federation of Reproduction Rights Organisations," Northeast Consulting 
Resources, Inc., 49 pages (Oct. 1995). 
TITLE: Systems and methods for secure transaction management and electronic rights
protection 



Application Filing Date (1):

Brief Summary Text (142):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and 
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing
functions (including metering) that operate within a "virtual black box," a
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provide for property content and/or appliance related: 
usage authorization, usage auditing (which may include audit reduction), usage
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1577):

An electronic contract is an electronic form of an agreement including rights,
restrictions, and obligations of the parties to the agreement. In many cases,
electronic agreements may surround the use of digitally provided content; for
example, a license to view a digitally distributed movie. It is not required,
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1754):

Delivery of audit reports through a path of handling may be in part insured by an 
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container
may contain (a) certain encrypted audit information that is for the use of the
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content. 
Alternatively, the clearinghouse VDE node may be able to work with some or all of 
the provided audit information. The audit information may be, in part, or whole, in 
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit
information container is securely processed at said clearinghouse VDE node by said
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE
administrative objects for securely carrying audit information to other auditors
while separately processing the secure audit information that is specified for use
by said clearinghouse. Secure audit processes and credit information distribution
between VDE participants normally takes place within the secure VDE "black box,"
that is processes are securely processed within secure VDE PPE650 and audit
information is securely communicated between the VDE secure subsystems of VDE
participants employing VDE secure communication techniques (e.g., public key
encryption, and authentication).

Other Reference Publication (68):

Weber, Dr. Robert, Digital Rights Management Technologies, A Report to the
International Federation of Reproduction Rights Organisations, Oct. 1995, pp. 1-49.

Other Reference Publication (69):

Weber, Dr. Robert, Digital Rights Management Technologies, Oct. 1995, 21 pages.
Application Filing Date (1):
iQQ7nma 

Brief Summary Text (142):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing
functions (including metering) that operate within a "virtual black box," a
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provide for property content and/or appliance related: 
usage authorization, usage auditing (which may include audit reduction), usage
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1566):

An electronic contract is an electronic form of an agreement including rights,
restrictions, and obligations of the parties to the agreement. In many cases,
electronic agreements may surround the use of digitally provided content; for
example, a license to view a digitally distributed movie. It is not required,
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1742):

Delivery of audit reports through a path of handling may be in part insured by an
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container
may contain (a) certain encrypted audit information that is for the use of the 
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content.
Alternatively, the clearinghouse VDE node may be able to work with some or all of
the provided audit information. The audit information may be, in part, or whole, in
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit 
information container is securely processed at said clearinghouse VDE node by said 
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE
administrative objects for securely carrying audit information to other auditors
while separately processing the secure audit information that is specified for use
by said clearinghouse. Secure audit processes and credit information distribution
between VDE participants normally takes place within the secure VDE "black box,"
that is processes are securely processed within secure VDE PPE 650 and audit
information is securely communicated between the VDE secure subsystems of VDE
participants employing VDE secure communication techniques (e.g., public key
encryption, and authentication).

Other Reference Publication (57):

Weber, Dr. Robert, Digital Rights Management Technologies, A Report to the
International Federation of Reproduction Rights Organisations, Oct. 1995, pp. 1-49.

Other Reference Publication (58):

Weber, Dr. Robert, Digital Rights Management Technologies, Oct. 1995, 21 pages.
L8: Entry 5 of 7

File: USPT

Jun 22, 1999

DOCUMENT-IDENTIFIER: US 5915019 A

TITLE: Systems and methods for secure transaction management and electronic rights
protection



Application Filing Date (1):
1QQ7mnfi 

Brief Summary Text (142):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and 
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing 
functions (including metering) that operate within a "virtual black box," a
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control
information, for example, provide for property content and/or appliance related:
usage authorization, usage auditing (which may include audit reduction), usage
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1572):

An electronic contract is an electronic form of an agreement including rights,
restrictions, and obligations of the parties to the agreement. In many cases,
electronic agreements may surround the use of digitally provided content; for
example, a license to view a digitally distributed movie. It is not required,
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1757):

Delivery of audit reports through a path of handling may be in part insured by an 
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container
may contain (a) certain encrypted audit information that is for the use of the
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content. 
Alternatively, the clearinghouse VDE node may be able to work with some or all of 
the provided audit information. The audit information may be, in part, or whole, in 
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit
information container is securely processed at said clearinghouse VDE node by said
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE
administrative objects for securely carrying audit information to other auditors
while separately processing the secure audit information that is specified for use
by said clearinghouse. Secure audit processes and credit information distribution
between VDE participants normally takes place within the secure VDE "black box,"
that is processes are securely processed within secure VDE PPE650 and audit
information is securely communicated between the VDE secure subsystems of VDE
participants employing VDE secure communication techniques (e.g., public key
encryption, and authentication).

Other Reference Publication (48):

Weber, Dr. Robert, Digital Rights Management Technologies, A Report to the 
International Federation of Reproduction Rights Organisations, Oct. 1995, pp. 1-49. 

Other Reference Publication (49):

Weber, Dr. Robert, Digital Rights Management Technologies, Oct. 1995, 21 pages. 
L8: Entry 6 of 7 File: USPT Jun 8, 1999

DOCUMENT-IDENTIFIER: US 5910987 A

TITLE: Systems and methods for secure transaction management and electronic rights 
protection 

Application Filing Date (1):
19961204

Brief Summary Text (143):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and 
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing 
functions (including metering) that operate within a "virtual black box," a 
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provide for property content and/or appliance related: 
usage authorization, usage auditing (which may include audit reduction), usage 
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1573):

An electronic contract is an electronic form of an agreement including rights, 
restrictions, and obligations of the parties to the agreement. In many cases, 
electronic agreements may surround the use of digitally provided content; for 
example, a license to view a digitally distributed movie. It is not required, 
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1751):

Delivery of audit reports through a path of handling may be in part insured by an 
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container 
may contain (a) certain encrypted audit information that is for the use of the 
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content. 
Alternatively, the clearinghouse VDE node may be able to work with some or all of 
the provided audit information. The audit information may be, in part, or whole, in 
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit 
information container is securely processed at said clearinghouse VDE node by said 
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE 
administrative objects for securely carrying audit information to other auditors 
while separately processing the secure audit information that is specified for use 
by said clearinghouse. Secure audit processes and credit information distribution 
between VDE participants normally takes place within the secure VDE "black box," 
that is, processes are securely processed within secure VDE PPE650 and audit 
information is securely communicated between the VDE secure subsystems of VDE 
participants employing VDE secure communication techniques (e.g., public key 
encryption and authentication). 

Other Reference Publication (58):

Weber, Dr. Robert, Digital Rights Management Technologies, A Report to the 
International Federation of Reproduction Rights Organisations, Oct. 1995, pp. 1-49. 

Other Reference Publication (59):

Weber, Dr. Robert, Digital Rights Management Technologies, Oct. 1995, 21 pages. 
L8: Entry 7 of 7 File: USPT Apr 6, 1999

DOCUMENT-IDENTIFIER: US 5892900 A

TITLE: Systems and methods for secure transaction management and electronic rights 
protection 

Application Filing Date (1):
Brief Summary Text (142):

VDE allows the needs of electronic commerce participants to be served and it can 
bind such participants together in a universe wide, trusted commercial network that 
can be secure enough to support very large amounts of commerce. VDE's security and 
metering secure subsystem core will be present at all physical locations where VDE 
related content is (a) assigned usage related control information (rules and 
mediating data), and/or (b) used. This core can perform security and auditing 
functions (including metering) that operate within a "virtual black box," a 
collection of distributed, very secure VDE related hardware instances that are 
interconnected by secured information exchange (for example, telecommunication) 
processes and distributed database means. VDE further includes highly configurable 
transaction operating system technology, one or more associated libraries of load 
modules along with affiliated data, VDE related administration, data preparation, 
and analysis applications, as well as system software designed to enable VDE 
integration into host environments and applications. VDE's usage control 
information, for example, provide for property content and/or appliance related: 
usage authorization, usage auditing (which may include audit reduction), usage 
billing, usage payment, privacy filtering, reporting, and security related 
communication and encryption techniques. 

Detailed Description Text (1798):

An electronic contract is an electronic form of an agreement including rights, 
restrictions, and obligations of the parties to the agreement. In many cases, 
electronic agreements may surround the use of digitally provided content; for 
example, a license to view a digitally distributed movie. It is not required, 
however, that an electronic agreement be conditioned on the presence or use of 
electronic content by one or more parties to the agreement. In its simplest form, an 
electronic agreement contains a right and a control that governs how that right is 
used. 

Detailed Description Text (1975):

Delivery of audit reports through a path of handling may be in part insured by an 
inverse (return of information) audit method. Many VDE methods have at least two 
pieces: a portion that manages the process of producing audit information at a 
user's VDE node; and a portion that subsequently acts on audit data. In an example 
of the handling of audit information bound for a plurality of auditors, a single 
container object is received at a clearinghouse (or other auditor). This container 
may contain (a) certain encrypted audit information that is for the use of the 
clearinghouse itself, and (b) certain other encrypted audit information bound for 
other one or more auditor parties. The two sets of information may have the same, 
overlapping and in part different, or entirely different, information content. 
Alternatively, the clearinghouse VDE node may be able to work with some or all of 
the provided audit information. The audit information may be, in part, or whole, in 
some summary and/or analyzed form further processed at the clearinghouse and/or may 
be combined with other information to form a, at least in part, derived set of 
information and inserted into one or more at least in part secure VDE objects to be 
communicated to said one or more (further) auditor parties. When an audit 
information container is securely processed at said clearinghouse VDE node by said 
inverse (return) audit method, the clearinghouse VDE node can create one or more VDE 
administrative objects for securely carrying audit information to other auditors 
while separately processing the secure audit information that is specified for use 
by said clearinghouse. Secure audit processes and credit information distribution 
between VDE participants normally takes place within the secure VDE "black box," 
that is, processes are securely processed within secure VDE PPE650 and audit 
information is securely communicated between the VDE secure subsystems of VDE 
participants employing VDE secure communication techniques (e.g., public key 
encryption and authentication). 

Other Reference Publication (129):

Weber, Dr. Robert, Digital Rights Management Technologies, A Report to the 
International Federation of Reproduction Rights Organisations, Oct. 1995, pp. 1-49. 

Other Reference Publication (130):

Weber, Dr. Robert, Digital Rights Management Technologies, Oct. 1995, 21 pages. 
File: DWPI Jul 19, 2001

DERWENT-ACC-NO: 2001-496746 
DERWENT-WEEK: 200154 

COPYRIGHT 2003 DERWENT INFORMATION LTD 

TITLE: Digital rights management system operating on computing device when user 
requests an encrypted digital content to be rendered by the computer 

INVENTOR: GANESAN, K; LIU, D; PEINADO, M 
PATENT-ASSIGNEE: MICROSOFT CORP (MICT) 

PRIORITY-DATA: 2000US-0526290 (March 15, 2000), 2000US-176425P (January 14, 2000) 



PATENT-FAMILY: 

PUB-NO             PUB-DATE         LANGUAGE   PAGES   MAIN-IPC 

WO 200152021 A1    July 19, 2001    E          126     G06F001/00 

AU 200069281 A     July 24, 2001               000     G06F001/00 



DESIGNATED-STATES: AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ 
EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD 
MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU 
ZA ZW AT BE CH CY DE DK EA ES FI FR GB GH GM GR IE IT KE LS LU MC MW MZ NL OA PT SD 
SE SL SZ TZ UG ZW 



APPLICATION-DATA: 

PUB-NO            APPL-DATE          APPL-NO           DESCRIPTOR 

WO 200152021A1    August 22, 2000    2000WO-US23108 

AU 200069281A     August 22, 2000    2000AU-0069281 

AU 200069281A                        WO 200152021      Based on 

INT-CL (IPC): G06F 

RELATED-ACC-NO: 2001-522158; 2001-522159; 2001-596328; 2001-596397 

ABSTRACTED-PUB-NO: WO 200152021A 
BASIC-ABSTRACT: 

NOVELTY - Uses a black box (30) in the digital rights management (DRM) system for 
performing decryption and encryption functions. The black box contains identifier of 
computing device (14) and is tied to the computing device. 

DETAILED DESCRIPTION - The black box also contains at least one black box public 
key. The DRM system also contains digital license (16) corresponding to the digital 
content. The licence includes a decryption key (KD) for decrypting the encrypted 
digital content. The decryption key is encrypted according to a black box public key 
of the black box. The licence is tied to the black box, and the computing device. An 
INDEPENDENT CLAIM is made for a method of operating DRM system when user requests 
that computer renders an encrypted digital content. 

USE - For enforcing rights in a digital content allowing access to encrypted digital 
content only in accordance with parameters specified by licence rights acquired by 
user. 
ADVANTAGE - Enforcement rights and method enforce rights in protected (secure) 
digital content available on a medium such as the Internet, an optical disk, etc. 

DESCRIPTION OF DRAWING(S) - Drawing is a block diagram showing an enforcement 
architecture in accordance with an embodiment of the present invention. 

Computing device 14 

Digital licence 16 

Black box 30 

Decryption key KD 

ABSTRACTED-PUB-NO: WO 200152021A 
EQUIVALENT-ABSTRACTS: 

CHOSEN-DRAWING: Dwg.1/22 

DERWENT-CLASS: T01 

EPI-CODES: T01-C01A; T01-D01; T01-H01B1; T01-H01C2; T01-H07C5E; T01-J12C; 
T01-J20B2A; 
File: DWPI Dec 26, 2002

DERWENT-ACC-NO: 2003-094046 
DERWENT-WEEK: 200315 

COPYRIGHT 2003 DERWENT INFORMATION LTD 

TITLE: Duplicating secure digital music by generating licensing data in accordance 
with digital rights management level for content files and encrypting 

INVENTOR: ISAACSON, S R; PETERS, E R; SHORT, R L 
PATENT-ASSIGNEE: IOMEGA CORP (IOMEN) 
PRIORITY-DATA: 2001US-0891441 (June 25, 2001) 
PATENT-FAMILY: 

PUB-NO               PUB-DATE             LANGUAGE   PAGES   MAIN-IPC 

US 20020196940 A1    December 26, 2002               000     H04L009/00 

WO 2003001352 A2     January 3, 2003      E          035     G06F001/00 



DESIGNATED-STATES: AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK 
DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT 
LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR 
TT TZ UA UG UZ VN YU ZA ZM ZW AT BE CH CY DE DK EA ES FI FR GB GH GM GR IE IT KE LS 
LU MC MW MZ NL OA PT SD SE SL SZ TR TZ UG ZM ZW 



APPLICATION-DATA: 

PUB-NO             APPL-DATE        APPL-NO           DESCRIPTOR 

US20020196940A1    June 25, 2001    2001US-0891441 

WO2003001352A2     June 21, 2002    2002WO-US19989 

INT-CL (IPC): G06F H04L 

ABSTRACTED-PUB-NO: WO 2003001352A 
BASIC-ABSTRACT: 

NOVELTY - Method consists in copying self-authenticating digital data and associated 
licensing data representing licensing rights from a master storage medium to a 
target storage medium (TSM), integrating the TSM serial number information. 
Licensing data is WMA formatted, content files are selected for duplication, digital 
rights management (DRM) levels are set for the content files and the licensing data 
is generated in accordance with the DRM rights level. The file is encrypted with a 
unique key stored in the file and its licensing data. 

DETAILED DESCRIPTION - There are INDEPENDENT CLAIMS for: 

(1) A computer program for duplicating secure digital data 

(2) A computer system with master storage medium copying to target storage media 

USE - Method is for providing secure digital music duplication. 

DESCRIPTION OF DRAWING(S) - The figure shows a system for producing a benchmark on 
storage media. 



ABSTRACTED-PUB-NO: WO 2003001352A 
EQUIVALENT-ABSTRACTS: 

CHOSEN-DRAWING: Dwg.1/10 

DERWENT-CLASS: T01 

EPI-CODES: T01-D01; T01-J20B2A; T01-S03; 
L10: Entry 2 of 10 File: DWPI Dec 3, 2002 

DERWENT-ACC-NO: 2003-041103 
DERWENT-WEEK: 200304 

COPYRIGHT 2003 DERWENT INFORMATION LTD 

TITLE: Applet execution method for software license protection in multi-processor 
computer environment, involves determining whether applet has right to be executed, 
using sequence data stored in tamper-resistant device 

INVENTOR: CARLSEN, U; HAMMERSTAD, H 
PATENT-ASSIGNEE: SOSPITA AS (SOSPN) 
PRIORITY-DATA: 2001WO-NO00201 (May 11, 2001) 

PATENT-FAMILY: 

PUB-NO             PUB-DATE             LANGUAGE   PAGES   MAIN-IPC 

US 6490720 B1      December 3, 2002                000     G06F009/44 

WO 200293365 A1    November 21, 2002    E          017     G06F009/44 



DESIGNATED-STATES: AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK 
DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT 
LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA 
UG US UZ VN YU ZA ZW AT BE CH CY DE DK EA ES FI FR GB GH GM GR IE IT KE LS LU MC MW 
MZ NL OA PT SD SE SL SZ TR TZ UG ZW 



APPLICATION-DATA: 

PUB-NO            APPL-DATE        APPL-NO           DESCRIPTOR 

US 6490720B1      May 11, 2001     2001WO-NO00201    Cont of 

US 6490720B1      June 26, 2001    2001US-0891490 

WO 200293365A1    May 11, 2001     2001WO-NO00201 



INT-CL (IPC) : GO£ E 3./AA; GQ£ E i/M 

ABSTRACTED-PUB-NO: WO 200293365A 
BASIC-ABSTRACT: 

NOVELTY - A portion of a code, having several applets, is executed in one or more 
tamper-resistant devices (200) such as smart cards which are connected to a computer 
(100). A sequence data stored in the tamper-resistant device is used to determine 
whether the applet has the right to be executed, when the sequence data exist in the 
current applet. 

USE - For executing applets in tamper-resistant external devices such as smart 
cards, USB tokens, PCMCIA cards and micro controllers for software license 
protection in applications, such as e-payment, digital rights management (DRM), 
multimedia protection, authentication, biometry, public-key infrastructure (PKI) and 
encryption schemes, in multi-processor computer environment. 

ADVANTAGE - Allows a smart card application to be safely split up into sub 
applications, thereby enforcing correct execution order and application integrity 
and allowing the execution environment of the external device to discover illegal 
processing of the applets. Provides an efficient and user-friendly tool for 
optimization of application security and performance by selecting software 
application components that are suitable and not d^^able for execution in the 
tamper-resistant device. 

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram of the 
multi-processor computer environment for executing a portion of code in an external 
device. 

Computer 100 

Tamper-resistant device 200 

ABSTRACTED-PUB-NO: WO 200293365A 
EQUIVALENT-ABSTRACTS: 

CHOSEN-DRAWING: Dwg.3/5 

DERWENT-CLASS: T01 

EPI-CODES: T01-C11; T01-F03; T01-H01B3A; T01-J20B2A; 
L10: Entry 4 of 10 File: DWPI Dec 27, 2001 

DERWENT-ACC-NO: 2002-257107 
DERWENT-WEEK: 200230 

COPYRIGHT 2003 DERWENT INFORMATION LTD 

TITLE: Content distribution system via network utilizing distribution conditional 
access agents and secure agents to perform digital rights management in a secure 
environment 

INVENTOR: FRANSDONK, R W 
PATENT-ASSIGNEE: MINDPORT USA (MINDN) 
PRIORITY-DATA: 2000US-212125P (June 16, 2000) 

PATENT-FAMILY: 

PUB-NO             PUB-DATE             LANGUAGE   PAGES   MAIN-IPC 

WO 200198903 A1    December 27, 2001    E          114     G06F011/30 

AU 200169856 A     January 2, 2002                 000     G06F011/30 



DESIGNATED-STATES: AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK 
DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU 
LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG 
US UZ VN YU ZA ZW AT BE CH CY DE DK EA ES FI FR GB GH GM GR IE IT KE LS LU MC MW MZ 
NL OA PT SD SE SL SZ TR TZ UG ZW 

APPLICATION-DATA: 

PUB-NO            APPL-DATE        APPL-NO           DESCRIPTOR 

WO 200198903A1    June 15, 2001    2001WO-US19271 

AU 200169856A     June 15, 2001    2001AU-0069856 

AU 200169856A                      WO 200198903      Based on 



INT-CL (IPC) : GD£ E 11/2£l; GO£ E 12/11; G0JI E GO£ E IS /ill; GO£ E 11/ BH; HGA 

K HOA L Sl/HH; HOA L 3./ 22 



ABSTRACTED-PUB-NO: WO 200198903A 
BASIC-ABSTRACT: 

NOVELTY - Clear content (24) at the content provider (16) is encrypted utilizing a 

NOVELTY - A computing device (14) receives distributed digital content from a 
content server (22) and stores digital license corresponding to the digital content 
(12). A digital rights management (DRM) system on the computing device is invoked by 
a rendering application and determines whether a right to render digital content in 
the manner sought exists based on digital license stored in the computing device. 

DETAILED DESCRIPTION - The digital content (12) in encrypted form is distributed by 
content server and a license server (24) issues license corresponding to the 
digital content. The content and license servers are communicatively coupled to 
internet. The digital license includes a decryption key for decrypting the encrypted 
digital content and a description of rights conferred by the license. An INDEPENDENT 
CLAIM is also included for digital rights management implementing method. 

USE - For allowing access to digital contents such as digital audio, video, text and 
digital multimedia and enforcing rights in protected digital content on a medium 
such as internet, optical disk. For handheld devices, multiprocessor systems, 
microprocessor based or programmable consumer electronics, network PCs, mini 
computers, main frame computers. 

ADVANTAGE - Prevents user of the computing device from making a copy of digital 
content, except otherwise allowed by content owner. Enables user to obtain license 
from a license server without any action necessary on the part of the user. 

DESCRIPTION OF DRAWING(S) - The figure shows block diagram of enforcement 
architecture. 